CVE-2024-32870
published 2024-11-05


Priority: P179 · Severity: medium · CVSS 3.1 base score: 5.8
CVSS vector: AV:N / AC:L / PR:N / UI:N / S:C / C:L / I:N / A:N
ITW / EXPLOIT: listed in VulnCheck KEV (exploited in the wild)
EPSS: 0.73% (49.7th percentile)
Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info (name, version and parameters) can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected (5 ranges)

Vendor    Product   Version range        Fixed in
combodo   itop      < 2.7.11             2.7.11
combodo   itop
combodo   itop
combodo   itop      >= 3.0.0 < 3.0.5     3.0.5
combodo   itop      >= 3.1.0 < 3.1.2     3.1.2

Detection & IOCs (extracted from sources)

url:   /pages/exec.php?exec_module=itop-hub-connector&exec_page=launch.php&target=inform_after_setup
other: html:"iTop login"
other: body="iTop login"
  • HTTP GET request to the vulnerable endpoint returns a 200 response containing sensitive configuration keywords in the body, indicating successful information disclosure.
  • Response body contains the strings 'database_settings', 'database_version', and 'instance_host' — all present simultaneously — confirming exploitation of the information disclosure vulnerability.
  • No authentication is required; the endpoint is accessible to any unauthenticated user with network access to the iTop URI.
  • The vulnerability is present in iTop versions prior to the patched releases; detection is only relevant against unpatched instances (before 2.7.11, 3.0.5, 3.1.2, and 3.2.0).

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      5.8     MEDIUM     CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
vulncheck             5.8     MEDIUM